Commit graph

16 commits

Author SHA1 Message Date
Maximilian Bosch
e4b49457af
osquery: 3.2.9 -> 3.3.2
Although there's already a windows-only 3.4[1], the latest release for
Unix systems is 3.3.2[2] with the following changes:

* SELinux event recording[3]
* SMART drive information[4]
* ELF parsing to monitor compiler-level protections for binaries[5]

The diff became rather big in the end due to the following changes:

* The SMART information feature uses a custom fork of smartmontools to
  retrieve SMART data programmatically[6].

* Replaced the old, bloated `misc.patch` by a simpler patch that only
  fixes two (actual) issues in the CMake build, unnecessary link targets
  and an invalid compiler flag.

* I tried to clean the derivation's code up a little bit by
  simplifying the `preConfigure` hook and adding only one build-input
  per line (that makes merging of several changes to the derivation
  easier as well).

[1] https://github.com/facebook/osquery/releases/tag/3.4.0
[2] https://github.com/facebook/osquery/releases/tag/3.3.2
[3] https://github.com/facebook/osquery/pull/4224
[4] https://github.com/facebook/osquery/pull/4133
[5] https://github.com/facebook/osquery/pull/4708
[6] https://github.com/allanliu/smartmontools
2019-05-27 16:15:56 +02:00
Daniel Schaefer
786f02f7a4 treewide: Remove usage of isNull
isNull "is deprecated; just write e == null instead" says the Nix manual
2019-04-29 14:05:50 +02:00
Maximilian Bosch
7a961cf06f
osquery: fix build
We use `dpkg` 1.19.2 since 23661254e4.
This version dropped `pkg_db_reset` in `<dpkg/dpkg_db.h>` which broke compilation with the
following errors:

```
/build/source/osquery/tables/system/linux/deb_packages.cpp: In function 'void osquery::tables::dpkg_setup(pkg_array*)':
/build/source/osquery/tables/system/linux/deb_packages.cpp:83:3: error: 'pkg_array_init_from_db' was not declared in this scope
   pkg_array_init_from_db(packages);
   ^~~~~~~~~~~~~~~~~~~~~~
/build/source/osquery/tables/system/linux/deb_packages.cpp:83:3: note: suggested alternative: 'pkg_array_init_from_hash'
   pkg_array_init_from_db(packages);
   ^~~~~~~~~~~~~~~~~~~~~~
   pkg_array_init_from_hash
/build/source/osquery/tables/system/linux/deb_packages.cpp: In function 'void osquery::tables::dpkg_teardown(pkg_array*)':
/build/source/osquery/tables/system/linux/deb_packages.cpp:93:3: error: 'pkg_db_reset' was not declared in this scope
   pkg_db_reset();
   ^~~~~~~~~~~~
/build/source/osquery/tables/system/linux/deb_packages.cpp:93:3: note: suggested alternative: 'pkg_hash_reset'
   pkg_db_reset();
   ^~~~~~~~~~~~
   pkg_hash_reset
make[2]: *** [osquery/tables/CMakeFiles/osquery_system_tables.dir/build.make:115: osquery/tables/CMakeFiles/osquery_system_tables.dir/system/linux/deb_packages.cpp.o] Error 1
```

As there's currently no upstream fix, it's better to use an older
version of `dpkg` for now.
2019-02-13 11:21:43 +01:00
Maximilian Bosch
65f08fc212
osquery: fix build
It seems as without the appropriate linker flag `-lcrypto` the
`libcrypto.sh` can't be found by `ld` which broke one of the linker
processes during compilation.

See also https://hydra.nixos.org/build/87208819
2019-01-14 23:03:50 +01:00
Maximilian Bosch
8934dae2c3
osquery: fix build
As discussed in #51756, recently packaged versions of `lvm2` miss the
`lvm2app.h` header which breaks the osquery build.

Please note that this simply fixes the build and is not an upgrade. The
CMake patches are fairly diverged in contrast to the current upstream
packaging which requires a lot more effort I can't provide ATM.

cc @markuskowa @hedning
2018-12-24 15:16:26 +01:00
Symphorien Gibol
a85fedab2e osquery: do not rebuild at each nixpkgs commit 2018-08-07 02:43:40 +02:00
volth
52f53c69ce pkgs/*: remove unreferenced function arguments 2018-07-21 02:48:04 +00:00
Maximilian Bosch
fbc009f266 osquery: 3.2.8 -> 3.2.9 (#43690)
Latest bugfix release with the following notable changes:

* Memory leak resolve for dispatcher
  (06d4865445)

* Fix include path on status.h
  (5bd4984f2a)

Additionally the patch had to be rebased onto the 3.2.9 branch as it
added XCode support including some CLang flags (namely `-fno-limit-debug-info`)
which are unsupported on GCC.
(see bccc28dd98)
2018-07-18 22:23:20 +02:00
Maximilian Bosch
a6d2cd5458
osquery: 3.2.2 -> 3.2.8
The 3.2.2 build fails ATM on Hydra: https://hydra.nixos.org/build/75998362

Bumping to 3.2.8 and rebasing `osquery/CMakeLists.txt` with `misc.patch`
fixes the issue. Additionally the NixOS test remains functional.
2018-06-18 16:50:31 +02:00
Maximilian Bosch
9274ea3903
treewide: rename version attributes
As suggested in https://github.com/NixOS/nixpkgs/pull/39416#discussion_r183845745
the versioning attributes in `lib` should be consistent to
`nixos/version` which implicates the following changes:

* `lib.trivial.version` -> `lib.trivial.release`
* `lib.trivial.suffix` -> `lib.trivial.versionSuffix`
* `lib.nixpkgsVersion` -> `lib.version`

As `lib.nixpkgsVersion` is referenced several times in `NixOS/nixpkgs`,
`NixOS/nix` and probably several users' setups. As the rename will cause
a notable impact it's better to keep `lib.nixpkgsVersion` as alias with
a warning yielded by `builtins.trace`.
2018-04-28 14:23:53 +02:00
Maximilian Bosch
f66cdc71a3
osquery: use stdenv.lib.nixpkgsVersion
This way is easier to understand and the officially recommended approach.

/cc @dezgeg @fpletz
2018-04-28 14:23:13 +02:00
Maximilian Bosch
3cd2707e37
osquery: 2.5.2 -> 3.2.2
The package was originally broken as reported in #38940 and
facebook/osquery#4257. The latest version (3.x) contains several
important fixes for GCC 7, so now we can compile with much less
complicated patches.

The following changes were needed to fix the derivation:

* Upgrade `osquery/third-party` to the latest rev to be compliant with
  osquery 3.

* Keep using an override for the AWS SDK (for a lower closure size and
  less compile time), but make the `ec2` API available.

* Added the dependencies `fpm`, `zstd`, `rdkafka`, `rapidjson` to the
  build. `linenoise-ng` is obsolete as it's directly bundled with
  `osquery/third-party`.

* Fixed the linking issue with `gflags` as recommended in the mailing
  list: https://groups.google.com/d/msg/nix-devel/l1blj-mWxtI/J3CwPATBCAAJ

* Dropped the obsolete dependencies `cpp-netlib`, `lz4`, `apt` and
  `devicemapper` (thanks @Infinisil).

* Override `OSQUERY_PLATFORM` to provide `nixos:version`
  for sandbox and non-NixOS based builds. The `platform-nixos.patch`
  file is now obsolete (thanks @flokli).

The patch was rebased against the 3.x branch of `osquery` and contains
mostly old changes. Additionally several testing targets were skipped as
they broke the build.

The functionality has been tested using the following command:

```
mkdir /tmp/osq.log/
./result/bin/osqueryd --pidfile /tmp/osq.pid \
  --database_path /tmp/test.db --logger_path /tmp/osq.log
```

With the daemon running the database can be queried easily using
`./result/bin/osqueryi`.

Fixes ticket #38940
See ticket #36453

Further reference can be gathered from the affected Hydra logs for
the master branch: https://hydra.nixos.org/job/nixos/trunk-combined/nixpkgs.osquery.x86_64-linux
2018-04-24 07:13:49 +02:00
xeji
48573657b5 osquery: mark as broken 2018-04-12 23:04:03 +02:00
Silvan Mosberger
f5fa5fa4d6 pkgs: refactor needless quoting of homepage meta attribute (#27809)
* pkgs: refactor needless quoting of homepage meta attribute

A lot of packages are needlessly quoting the homepage meta attribute
(about 1400, 22%), this commit refactors all of those instances.

* pkgs: Fixing some links that were wrongfully unquoted in the previous
commit

* Fixed some instances
2017-08-01 22:03:30 +02:00
Charles Strahan
232c34b8f4
osquery: use packaged sqlite and gtest/gmock 2017-07-24 21:48:08 -04:00
Charles Strahan
53426f6cb9
osquery: init at 2.5.2 2017-07-24 21:47:32 -04:00